apiVersion: rbac.authorization.k8s.io/v1kind: ClusterRolemetadata: name:

1. apiVersion: rbac.authorization.k8s.io/v1
2. kind: ClusterRole
3. metadata:
4. name: admin-safe
5. rules:
6. - apiGroups:
7. - ""
8. resources:
9. - pods
10. - pods/attach
11. - pods/exec
12. - pods/portforward
13. - pods/proxy
14. - configmaps
15. - endpoints
16. - persistentvolumeclaims
17. - replicationcontrollers
18. - replicationcontrollers/scale
19. - secrets
20. - serviceaccounts
21. - services/proxy
22. - bindings
23. - events
24. - limitranges
25. - pods/log
26. - pods/status
27. - replicationcontrollers/status
28. - resourcequotas
29. - resourcequotas/status
30. - serviceaccounts
31. - rolebindings
32. - roles
33. - localresourceaccessreviews
34. - localsubjectaccessreviews
35. - subjectrulesreviews
36. - podsecuritypolicyreviews
37. - podsecuritypolicyselfsubjectreviews
38. - podsecuritypolicysubjectreviews
39. - rolebindingrestrictions
40. - buildconfigs
41. - buildconfigs/webhooks
42. - builds
43. - builds/log
44. - buildconfigs/instantiate
45. - buildconfigs/instantiatebinary
46. - builds/clone
47. - builds/details
48. - deploymentconfigs
49. - deploymentconfigs/scale
50. - deploymentconfigrollbacks
51. - deploymentconfigs/instantiate
52. - deploymentconfigs/rollback
53. - deploymentconfigs/log
54. - deploymentconfigs/status
55. - imagestreamimages
56. - imagestreammappings
57. - imagestreams
58. - imagestreams/secrets
59. - imagestreamtags
60. - imagestreams/status
61. - imagestreams/layers
62. - imagestreamimports
63. - appliedclusterresourcequotas
64. - processedtemplates
65. - templateconfigs
66. - templateinstances
67. - templates
68. - buildlogs
69. - resourcequotausages
70. - resourceaccessreviews
71. - subjectaccessreviews
72. verbs:
73. - '*'
74. #namespaces,projects
75. - apiGroups:
76. - ""
77. - project.openshift.io
78. resources:
79. - projects
80. - namespaces/status
81. - namespaces
82. - services
83. verbs:
84. - create
85. - get
86. - list
87. - watch
88. - patch
89. - update
90. #daemonsets,deployments,statefulsets
91. - apiGroups:
92. - apps
93. resources:
94. - '*'
95. verbs:
96. - create
97. - get
98. - list
99. - patch
100. - update
101. - watch
102. verbs:
103. - get
104. - list
105. - watch
106. - apiGroups:
107. - autoscaling
108. - batch
109. - extensions
110. - policy
111. - admissionregistration.k8s.io
112. - apiextensions.k8s.io
113. - apiregistration.k8s.io
114. - apps.openshift.io
115. - authentication.k8s.io
116. - authorization.k8s.io
117. - authorization.openshift.io
118. - automationbroker.io
119. - build.openshift.io
120. - cassandra.rook.io
121. - certificates.k8s.io
122. - events.k8s.io
123. - image.openshift.io
124. - kafka.strimzi.io
125. - keycloak.org
126. - metrics.k8s.io
127. - monitoring.coreos.com
128. - network.openshift.io
129. - networking.k8s.io
130. - oauth.openshift.io
131. - project.openshift.io
132. - quota.openshift.io
133. - rbac.authorization.k8s.io
134. - resourcequotausages
135. - route.openshift.io
136. - scheduling.k8s.io
137. - security.openshift.io
138. - servicecatalog.k8s.io
139. - settings.k8s.io
140. - storage.k8s.io
141. - template.openshift.io
142. - user.openshift.io
143. resources:
144. - '*'
145. verbs:
146. - '*'
147. - nonResourceURLs:
148. - '*'
149. verbs:
150. - '*'